[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 07 Jul 2023 01:12:35 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
eae77877 by security tracker role at 2023-07-07T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository 
outline/outli ...)
+       TODO: check
+CVE-2023-37192 (Memory management and protection issues in Bitcoin Core v22 
allows att ...)
+       TODO: check
+CVE-2023-36859 (PiiGAB M-Bus   SoftwarePack 900S  does not correctly sanitize 
user inp ...)
+       TODO: check
+CVE-2023-36829 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
+       TODO: check
+CVE-2023-35987 (PiiGAB M-Bus contains hard-coded credentials which it uses for 
authent ...)
+       TODO: check
+CVE-2023-35890 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
+       TODO: check
+CVE-2023-35765 (PiiGAB M-Bus stores credentials in a plaintext file, which 
could allow ...)
+       TODO: check
+CVE-2023-35120 (PiiGAB M-Bus is vulnerable to cross-site request forgery. An 
attacker  ...)
+       TODO: check
+CVE-2023-34995 (There are no requirements for setting a complex passwordfor 
PiiGAB M-B ...)
+       TODO: check
+CVE-2023-34433 (PiiGAB M-Bus stores passwords using a weak hash algorithm.)
+       TODO: check
+CVE-2023-33868 (The number of login attempts is not limited. This could allow 
an attac ...)
+       TODO: check
+CVE-2023-32652 (PiiGAB M-Busdoes not validate identification strings before 
processing ...)
+       TODO: check
+CVE-2023-31277 (PiiGAB M-Bus transmits credentials in plaintext format.)
+       TODO: check
 CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository 
nilsteampassn ...)
        - teampass <itp> (bug #730180)
 CVE-2023-3529 (A vulnerability classified as problematic has been found in 
Rotem Dyna ...)
@@ -434,7 +460,8 @@ CVE-2023-36183 (Buffer Overflow vulnerability in 
OpenImageIO v.2.4.12.0 and befo
        NOTE: 
https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e
 (v2.4.13.0)
 CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows 
a remot ...)
        NOT-FOR-US: ZZCMS
-CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, 
is vuln ...)
+CVE-2023-35935
+       REJECTED
        NOT-FOR-US: @fastify/oauth2
 CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that 
takes a s ...)
        NOT-FOR-US: CometBFT
@@ -1351,6 +1378,7 @@ CVE-2023-32580 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. 
An unau ...)
        NOT-FOR-US: Dell
 CVE-2023-32439 (A type confusion issue was addressed with improved checks. 
This issue  ...)
+       {DSA-5449-1}
        - webkit2gtk 2.40.3-1
        - wpewebkit 2.40.3-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -3371,6 +3399,7 @@ CVE-2023-32281 (The affected application lacks proper 
validation of user-supplie
 CVE-2023-32203 (The affected application lacks proper validation of 
user-supplied data ...)
        NOT-FOR-US: Horner Automation
 CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was 
discovered in ...)
+       {DLA-3480-1}
        - ruby-redcloth <unfixed> (bug #1040488)
        [bookworm] - ruby-redcloth <no-dsa> (Minor issue)
        [bullseye] - ruby-redcloth <no-dsa> (Minor issue)
@@ -10574,8 +10603,8 @@ CVE-2023-29826
        RESERVED
 CVE-2023-29825
        RESERVED
-CVE-2023-29824
-       RESERVED
+CVE-2023-29824 (A use-after-free issue was discovered in Py_FindObjects() 
function in  ...)
+       TODO: check
 CVE-2023-29823
        RESERVED
 CVE-2023-29822
@@ -47355,8 +47384,8 @@ CVE-2023-20901
        RESERVED
 CVE-2023-20900
        RESERVED
-CVE-2023-20899
-       RESERVED
+CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication 
vulnerability. A ...)
+       TODO: check
 CVE-2023-20898
        RESERVED
 CVE-2023-20897
@@ -242582,7 +242611,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet 
through 0.17 allows remote
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html
        NOTE: Patch in Fedora: 
https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in 
sctp_load_address ...)
-       {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
+       {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-3481-1 DLA-2150-1 DLA-2140-1}
        - libusrsctp 0.9.3.0+20200312-1 (bug #953270)
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae7787764905447f47fea765f8fcc6fe31dc4ff

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae7787764905447f47fea765f8fcc6fe31dc4ff
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to